﻿using Microsoft.Owin.Security.OAuth;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Threading.Tasks;
using System.Security.Claims;
using AutoMapper;
using SIG.Service.Identity;
using System.Web.Http;
using Autofac.Integration.Owin;
using Autofac;
using Microsoft.Owin.Security;

namespace SIG.WebMVC
{
    public class SigAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
       

        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            //string cid, csecret;
            //if (context.TryGetBasicCredentials(out cid, out csecret))
            //{
            //    var svc = context.OwinContext.Environment.GetUserAccountService<UserAccount>();
            //    if (svc.Authenticate("clients", cid, csecret))
            //    {
            //        context.Validated();
            //    }
            //}
            //return Task.FromResult<object>(null);
           

            context.Validated(); //
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {

            //var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            //if (context.UserName == "admin" && context.Password == "admin")
            //{
            //    identity.AddClaim(new Claim(ClaimTypes.Role, "admin"));
            //    identity.AddClaim(new Claim("username", "admin"));
            //    identity.AddClaim(new Claim(ClaimTypes.Name, "Sourav Mondal"));
            //    context.Validated(identity);

            //}
            //else if (context.UserName == "user" && context.Password == "user")
            //{
            //    identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            //    identity.AddClaim(new Claim("username", "user"));
            //    identity.AddClaim(new Claim(ClaimTypes.Name, "Suresh Sha"));
            //    context.Validated(identity);
            //}
            //else
            //{
            //    context.SetError("无效授权", "提供的用户名或密码有错误！");
            //    return;
            //}

            IUserService _userService = context.OwinContext.GetAutofacLifetimeScope().Resolve<IUserService>();

            var user = await _userService.SignInForAPI(context.UserName, context.Password);
            if (user == null)
            {
                //context.SetError("invalid_grant", "用户名或密码不正确！");
                context.SetError("无效授权", "提供的用户名或密码有错误！");
                return;
            }


            var identity = new ClaimsIdentity(context.Options.AuthenticationType);

            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
            identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
            identity.AddClaim(new Claim(ClaimTypes.Email, user.Email));


            foreach (var role in user.Roles)
            {
                identity.AddClaim(new Claim(ClaimTypes.Role, role.RoleName));
            }


            //设置cookies
           // _userService.SetUserCookies(true, user);

            context.Validated(identity);


        }
    }
}